One such firm, ReturnPath Inc., reportedly scanned the inboxes of a staggering 2million people to collect marketing data after they'd signed up for one of the free apps produced by its partners.

Its algorithms generally snoop on a whopping 100 million emails per day, none of which are censored to block out users' personal or sensitive info.

And at one point around two years ago, the company's employees also read around 8,000 uncensored emails to help train the firm's software.

These companies typically collect things like an email's recipient, sender, subject, time stamp, the text and receipt data for online purchases to glean clues about consumers that they can sell to marketers and other businesses.

This info allows companies to pinpoint, for example, the ideal time to send you emails and the type of language that will encourage you to open a message.

It can also help them figure out what products are trending and their average prices.

These kind of invasive tactics have become "common practice", a former exec at data collection firm eDataSource Inc. told WSJ.

Another firm called Edison Software – a Gmail developer that makes a mobile app for reading and organising emails – also reportedly had its workers review the Gmail messages of hundreds of users.

This fresh Gmail gaffe is the latest privacy fiasco to rock Silicon Valley, arriving on the heels of Facebook's historic Cambridge Analytica scandal. And it bears all the hallmarks of that breach of trust.

Like Facebook, Google allowed external developers to monitor your emails with little control over what they did with that data.

For its part, Google says that its rules bar app makers from providing data to anyone else “without explicit opt-in consent from that user” or from copying and storing that info – but developers told WSJ that the firm is doing little to enforce those policies.